Windows Server 2008: SeverCore Raiders

At the beginning of this article, I need to explain that Windows Server 2008 Core does not support all server roles. It supports the following roles: file server role, print server role, Domain controller role, DNS server role, DHCP server role, and WINS server role. By default, the File Server role is already installed on Windows Server 2008 Core for remote management.

At the same time, Windows Server 2008 Core also supports the following features: cluster server, network load balancing, Unix subsystem, Windows Server Backup, MPIO, Removable Storage Management, Windows BitLocker drive encryption, SNMP, Single Instance Storage and Telnet client end.

In the first article (click to read) we have introduced the installation and management of Windows Server 2008 Enterprise. Today we will continue to explain how to manage Windows Server 2008 Enterprise Core. The virtual machine scenario used continues with the previous one. In the previous article, we built a Windows Server 2008 domain controller and DNS server called Sea-DC1. Today we will install Windows Server 2008 Enterprise Core with the computer name Sea-svr2. For the first article, please refer to the following link:

After logging in to the Windows Server 2008 Enterprise Core computer, we will find that there is no UI, that is, a graphical interface, only one Windows command shell. As shown in the following figure (1).

Figure (1)

First use the netsh command to configure the IP V4 address for your computer. As shown in the following figure (2).

FIG. (2)

then set DNS. Use ipconfig /all to see if the TCP/IP settings are successful. As shown in the following figure (3).

FIG. (3)

At this time, this computer network configuration I is:
IP address - 192.168.1.3 < BR> Subnet Mask - 255.255.255.0
Default Gateway – No
DNS Server – 192.168.1.1
Next I will use the netdom command to add this computer to the Windows Server 2008 domain contoso.com, the computer also No renaming, I will change the computer name after I join the domain. As shown in Figure (4) below.

Figure (4)

note on the graph (4), I use the /passwordd: *, so you will be prompted Enter the password of the domain administrator. The password you entered is not displayed, so it is safe. If you use /passwordd: password directly, the password will be displayed directly.

Then use the shutdown command to restart the computer. Of course, if you press Ctrl+Alt+Del and then select Shutdown. As shown in the following figure (5).

FIG. (5)

after restarting, we will use the netdom command to rename the computer Sea-svr2, netdom command has a renamecomputer The parameters can be updated at the same time to the local computer name and the computer object name corresponding to the computer in the Active Directory. After this command is run, there will be a prompt <Y or N>, the computer name change will affect some special services, for example Certificate service. Here I choose Y directly. As shown in Figure (6) below.

FIG (6)

Then we open the Server Manager on a domain controller Sea-DC1, expand roles, expand Active Directory Domain Service , expand Active Directory Users and Computers, click on the Computers container and find that a computer account named Sea-svr2 already exists. As shown in Figure (7) below.

I will use the netsh command to configure Windows Firewall, I will open the following ports:
DNS server UDP 53: accept client DNS query
DNS server TCP 53: for zone transfer
TCP 135: for remote Management
UDP 137: Netbios-ns
UDP 138: Netbios-dgm
TCP 139: Netbios-SSN
TCP 445: Microsoft-Ds
TCP 3389: Remote Desktop

Note: The DNS port is opened here because I will configure Sea-svr2 as a DNS server later.

First use the netsh command to view the current firewall configuration. As shown in the following figure (8).

Figure (8)

Figure (8) can see that Windows Firewall is enabled, but did not specify to open What port. Below I will open the ports mentioned above one by one. As shown in the following figure (9).

FIG. (9)

use netsh firewall show config command to view the current firewall configuration, as shown (10).

Figure (10)

can be seen from the figure, has been enabled in the Service configuration for Domain Profile below, file and print sharing and Remote Desktop Services And TCP's 135, 53 and UDP port 53 are already open.

Next we use oclist.exe to see the current list of server roles and the installation status. As shown in the following figure (11).

Figure (11)

we can find no server role installed, the actual entire list is very long, the display is very clear. Next we use ocsetup to install the DNS server role on Sea-svr2, as shown in Figure (12) below.

Figure (12)

used next oclist.exe again to view the current list of server roles and installation status. As shown in the following figure (13).

Figure (13)
You can see that the DNS server role has been successfully installed. If you need to manage the DNS server role on this computer later, you can use the dnscmd command. Or remotely manage from other computers using the DNS console.
Note: When using ocsetup for role installation, it is sensitive to case. For example, if the command in Figure (12) is written as "start /w ocsetup dns-server-core-role", it will fail. Also if you want to install the domain controller role, use dcpromo, don't use ocsetup.

Finally, let's test the previous firewall configuration. First we remotely open the computer management of Sea-svr2 from the domain controller Sea-DC1. As shown in Figure (14) below.

Figure (14)

As you can see from Figure (14), I remotely connected Sea-Svr2.contoso.com to the Sea-DC1 domain controller using the computer management console. Let's try to create a share. Can be created successfully. As shown in Figure (15) below.

Figure (15)
But because the firewall is not configured when the firewall is configured on Sea-svr2, the event viewer cannot be opened. As shown in Figure (16) below.

Figure (16)

From Sea-DC1, open run, type \\\\Sea-svr2\\data and find it is accessible. As shown in the following figure (17). ,